Method and Apparatus for Hardware-Accelerated Encryption/Decryption
Abstract
An integrated circuit for data encryption/decryption and secure key management is disclosed. The integrated circuit may be used in conjunction with other integrated circuits, processors, and software to construct a wide variety of secure data processing, storage, and communication systems. A preferred embodiment of the integrated circuit includes a symmetric block cipher that may be scaled to strike a favorable balance among processing throughput and power consumption. The modular architecture also supports multiple encryption modes and key management functions such as one-way cryptographic hash and random number generator functions that leverage the scalable symmetric block cipher. The integrated circuit may also include a key management processor that can be programmed to support a wide variety of asymmetric key cryptography functions for secure key exchange with remote key storage devices and enterprise key management servers. Internal data and key buffers enable the device to re-key encrypted data without exposing data. The key management functions allow the device to function as a cryptographic domain bridge in a federated security architecture.
105 Claims
1. A device comprising:
an integrated circuit comprising a key-based block cipher circuit, the integrated circuit configured to (1) perform encryption/decryption using the block cipher circuit, and (2) perform a plurality of different types of key management functions.
Dependent claims: 2-29.
30. A method comprising:
performing key-based encryption/decryption within an integrated circuit using a block cipher circuit; and
performing a plurality of different types of key management functions within the integrated circuit.
Dependent claims: 31-43.
44. A computer-readable medium comprising:
a data structure comprising logic for (1) performing key-based encryption/decryption using a block cipher circuit, and (2) performing a plurality of different types of key management functions, wherein the data structure is configured for loading on an integrated circuit to define a hardware logic circuit that realizes the block cipher circuit and a capability to perform the plurality of different types of key management functions, and wherein the data structure is resident on the computer-readable medium.
45. A system comprising:
a system interface circuit configured as a protocol bridge for receiving and outputting data;
a direct memory access (DMA) engine circuit in communication with the system interface circuit, the DMA engine circuit configured to transfer data to and from an integrated circuit via DMA;
a data routing and control circuit in communication with the DMA engine circuit, the data routing and control circuit configured to process a plurality of control commands and control a plurality of encryption and decryption operations based at least in part on the processed control commands;
a block cipher circuit in communication with the data routing and control circuit, the block cipher circuit being configured to perform a key-based encryption operation or a key-based decryption operation on data as specified by the data routing and control circuit;
a data buffer in communication with the data routing and control circuit;
a key table in communication with the data routing and control circuit, the key table being configured to store a plurality of keys;
a key management processor in communication with the data routing and control processor; and
a key management function circuit in communication with the data routing and control processor;
wherein the interface circuit, the DMA engine circuit, the data routing and control circuit, the block cipher circuit, the data buffer, the key table, the key management processor, and the key management function circuit are all resident on the integrated circuit;
wherein the key management processor is configured to provide a plurality of different types of key management functions in conjunction with the key management function circuit;
wherein the data routing and control circuit is further configured to control a routing of data and keys to and from the block cipher circuit, the key table, and the data buffer as needed to perform encryption, decryption, and key management; and
wherein the data routing and control circuit is further configured to store any intermediate plaintext generated during an encryption or decryption operation in the data buffer.
Dependent claims: 46-50.
51. A device comprising:
an integrated circuit comprising a scalable block cipher circuit, the integrated circuit configured to perform encryption/decryption using the scalable block cipher circuit, the scalable block cipher circuit comprising a hardware logic circuit.
Dependent claims: 52-67.
68. A method comprising:
performing encryption/decryption by processing data with a scalable block cipher circuit that is implemented as a hardware logic circuit.
Dependent claims: 69-79.
80. A computer-readable medium comprising:
a data structure comprising logic for performing encryption/decryption using a scalable block cipher circuit, wherein the data structure is configured for loading on an integrated circuit to define a hardware logic circuit that realizes the scalable block cipher circuit, and wherein the data structure is resident on the computer-readable medium.
81. A device comprising:
an integrated circuit comprising a block cipher circuit, the integrated circuit configured to perform encryption and decryption using the block cipher circuit, the block cipher circuit comprising a processing pipeline, the processing pipeline comprising a plurality of round circuits, and wherein the block cipher circuit is configured to use the same round circuits for both encryption and decryption.
Dependent claims: 82-89.
90. A method comprising:
performing encryption and decryption using a block cipher circuit, the block cipher circuit comprising a processing pipeline, the processing pipeline comprising a plurality of round circuits, and wherein the performing step comprises using the same round circuits for both encryption and decryption.
Dependent claims: 91-96.
97. A computer-readable medium comprising:
a data structure comprising logic for a block cipher circuit, the block cipher circuit comprising a processing pipeline, the processing pipeline comprising a plurality of round circuits, wherein the block cipher circuit is configured to use the same round circuits for both encryption and decryption, wherein the data structure is configured for loading on an integrated circuit to define a hardware logic circuit that realizes the block cipher circuit, and wherein the data structure is resident on the computer-readable medium.
98. A device comprising:
a block cipher circuit; and
an encryption mode wrapper circuit in communication with the block cipher circuit;
wherein the encryption mode wrapper circuit is configured to provide an encryption mode for an encryption operation to be performed at least in part using the block cipher circuit;
wherein the encryption mode wrapper circuit is further configured to define the encryption mode in response to a control signal; and
wherein the block cipher circuit and the encryption mode circuit are implemented as hardware logic circuits within an integrated circuit.
Dependent claims: 99-105.
Specification